locked
Add Filter from user-mode pointing to a kernel-mode registered callout RRS feed

  • Question

  • Hi all!

    I'm planning how to actually realize my Napt solution.
    Is it possible to register callout through a permanent driver and the use a User mode application to dinamically add Filters pointing to these callout?

    My idea is that callouts will have all the mechanism implemented but they won't work till a filter points to them, letting user choose which NICs will be Natted everytime he launch the app.. 
    thanks in advance for every answer 
    Basso Fabrizio as ZioTron Nullum magnum ingenium sine mixtura dementiae fuit
    Sunday, July 24, 2011 2:27 PM

Answers

  • Yes.  This is a very common scenario.  You can only register the callouts in kernel.  You can add callouts and filters from both user and kernel.  Registration (FwpsCalloutRegister) essentially informs the system where your callout functions reside.  You then need to add them (FwpmCalloutAdd) to make them available to the filters.  By default filters referencing unregistered callouts will return FWP_ACTION_BLOCK.  There is no overhead incurred for just registering the callouts.

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Sunday, July 24, 2011 5:31 PM
    Moderator